#tools
#Offensive_security
1. Shennina - Automating Host Exploitation with AI
https://github.com/mazen160/shennina
2. AMSI-bypass obfuscation + ETW-block obfuscation + powershell command obfuscation
https://github.com/H4de5-7/powershell-obfuscation
#Offensive_security
MSI Shenanigans: Offensive Capabilities Overview
https://mgeeky.tech/msi-shenanigans-part-1
]-> Tool that analyzes malicious MSI installation packages, extracts files, streams and binary data, and incorporates a YARA scanner:
https://github.com/mgeeky/msidump
]-> PoC code and samples presenting the emerging threat of MSI installer files:
https://github.com/mgeeky/msi-shenanigans
#Offensive_security
Dumping LSASS by unhooking MiniDumpWriteDump via a fresh DbgHelp.dll copy loaded from disk, plus function and string obfuscation and duplication of an LSASS handle from existing processes
https://github.com/D1rkMtr/DumpThatLSASS
#tools
#Offensive_security
1. Rps_Http ClientInfo IOC search PowerShell script for recent Exchange issue to check for signs of exploitation
https://github.com/CrowdStrike/OWASSRF/blob/main/Rps_Http-IOC.ps1
2. Vultriever - Vulnerability scoring with Nmap using the built-in Vulners snap-in
https://github.com/MalwareHunters/vultriever
#Offensive_security
Modifying Embedded Filesystems in ARM Linux zImages
https://jamchamb.net/2022/01/02/modify-vmlinuz-arm.html
#Offensive_security
1. Spice up your persistence: loading PHP extensions from memory
https://adepts.of0x.cc/dlopen-from-memory-php
2. Unholy Unhooking
byoDLL: https://steve-s.gitbook.io/0xtriboulet/unholy-unhooking/unholy-unhooking-byodll
FrByoDLL: https://steve-s.gitbook.io/0xtriboulet/unholy-unhooking/unholy-unhooking-frbyodll
#Offensive_security
1. Custom Implicit & Explicit Conversions in C#
https://offensivedefence.co.uk/posts/implicit-explicit-conversions
2. .NET Process injection in a new process with QueueUserAPC using D/invoke
https://gist.github.com/tothi/9cdd2be3b49cb42723726fd75df96471
3. Deceiving Defender: The Big Stack Bypass
https://steve-s.gitbook.io/0xtriboulet/deceiving-defender/deceiving-defender-the-big-stack-bypass
#Offensive_security
1. Offensive Software Exploitation (OSE) Course
https://github.com/ashemery/exploitation-course
2. Persistence and LOLBins
https://windowsir.blogspot.com/2022/12/persistence-and-lolbins.html
#Offensive_security
1. Google Hacking Database (GHDB)
https://github.com/readloud/Google-Hacking-Database-GHDB
2. NTP Fingerprinting
https://isc.sans.edu/diary/Its+about+time+OS+Fingerprinting+using+NTP/29394
3. PowerShell scripts for post-exploitation
https://github.com/ItsCyberAli/PowerMeUp